Ransomware vs DDoS

70% of global ransomware activity targets English-speaking countries.

In the second half of 2025, 40% of all ransomware attacks targeted US-based companies.

In the second half of 2025, ransomware attacks against Canada and the UK accounted for a combined 30% of attacks.

Scattered Spider accounted for 42.9% of all actor-related alerts in the second half of 2025.

44% of attacks in the Automotive and Smart Mobility ecosystem are ransomware-related, more than double the volume in 2024.

90% of ransomware incidents exploit firewalls through a CVE or a vulnerable account.

The fastest ransomware case observed, involving Akira ransomware, takes just three hours from breach to encryption.

96% of incidents involving lateral movement end with the release of ransomware.

Ransomware attacks against industrial organizations increased 64% year-over-year.

Organizations with comprehensive OT visibility detect and contain OT ransomware incidents in an average of 5 days, compared to the industry-wide average of 42 days.

The average dwell time for ransomware in OT environments is 42 days.

Manufacturing accounts for more than two-thirds of all ransomware victims.

The number of ransomware groups targeting industrial organizations increased 49% year-over-year to 119 groups, collectively impacting 3,300 organizations globally.

In 2025, 55% of Chief Information Security Officers (CISOs) in the US and UK reported that their organization experienced a cyberattack, ransomware infection, compromise, or data breach that rendered mobile, remote, or hybrid endpoint devices inoperable.

In 2025, 61% of CISOs indicated that their organization’s board and C-suite expect the cybersecurity group to guarantee zero breaches and ransomware incidents.

The technology sector represented 45% of all network-layer DDoS attacks, up from 8.77% in 2024.

North America accounted for 63.1% of all network-layer DDoS attacks globally, followed by the Middle East (16.1%) and Europe (13.7%).

Network-layer DDoS attacks targeting OSI layers 3–4 increased 168.2% year over year.

Peak network-layer DDoS attack volumes reached almost 30 Tbps.

In the second half of 2025 the average Radware customer experienced more than 25,351 network-layer DDoS attacks, averaging 139 attacks per day.

Web DDoS attacks targeting OSI layer 7 increased by 101.4% compared to 2024.

Most high-impact Web DDoS attacks now last less than 60 seconds.

94.4% of Web DDoS attacks measured under 100,000 requests per second.

EMEA accounted for 57% of all Web DDoS attacks globally.

APAC's Web DDoS attacks surged 485% year over year.

60% of all reported cyber incidents in 2024 were Distributed Denial-of-Service (DDoS) attacks.

29% of leaders at financial services firms say they are unprepared to recover effectively from a Distributed Denial of Service attack.

20% of organizations cited denial-of-service attempts as the most common API security problem.

State-aligned operations, often driven by low-impact DDoS campaigns targeting EU Member States’ organisations’ websites, resulted in service disruption in only 2% of incidents.

Comcast Business detected 44,000 DDoS attacks, which often utilised short bursts and carpet-bombing techniques to overwhelm and test defenses